Aggregated Event Search
POST/search/event/aggregate
Returns the results of an RQL aggregated audit events query. This RQL query is similar to an RQL event query, but the data returned includes location and service data.
Request
- application/json; charset=UTF-8
Body
required
Audit event search parameters model
- Array [
- ]
- Array [
- ]
timeRange object
Model for TimeRangeConfig
Possible values: [relative]
Time type
value object
Model for RelativeTimeDuration
Possible values: [minute, hour, day, week, month, year]
Time unit
Number of time units
Group By parameters
filters object[]
Filters
Name
Value
Possible values: [=]
Operator
Alert ID
sort object[]
Sort Fields
Possible values: [ID, TIME, OPERATION, CLOUD_SERVICE, CRUD, USER, CLOUD_ACCOUNT, CLOUD_REGION, TIMESTAMP]
Possible values: [asc, desc]
Direction
Limit
Search ID
RQL query
Responses
- 200
- 400
success
- application/json; charset=UTF-8
- Schema
- Example (from schema)
Schema
- Array [
- ]
- Array [
- ]
Group By
filters object[]
View Order
Name
Value
Possible values: [=]
Operator
Time Granularity
Alert ID
Possible values: [aws, azure, gcp, alibaba_cloud, oci]
Cloud Type
Search ID
Search Name
Search Description
Possible values: [network, audit_event, config, asset]
Search Type
Async Result Url
Search Exists
timeRange objectrequired
Model for TimeRangeConfig
Possible values: [relative]
Time type
value object
Model for RelativeTimeDuration
Possible values: [minute, hour, day, week, month, year]
Time unit
Number of time units
RQL Query
Cursor
data object[]
true = Is Async
{
"groupBy": [
"string"
],
"filters": [
{
"name": "string",
"value": "string",
"operator": "="
}
],
"timeGranularity": "string",
"alertId": "string",
"cloudType": "aws",
"id": "string",
"name": "string",
"description": "string",
"searchType": "network",
"asyncResultUrl": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download",
"saved": true,
"timeRange": {
"type": "relative",
"value": {
"unit": "minute",
"amount": 0
}
},
"query": "string",
"cursor": 0,
"data": [
{
"service": "string",
"user": "string",
"cityId": 0,
"cityName": "string",
"stateId": 0,
"stateName": "string",
"countryId": 0,
"countryName": "string",
"timestamp": 0,
"latitude": 0,
"longitude": 0,
"events": 0,
"anomalies": 0,
"serviceAnomalies": 0,
"geoAnomalies": 0,
"serviceNGeoAnomalies": 0,
"bruteForceAnomalies": 0,
"timeTravelAnomalies": 0,
"deviceFingerprintLoginAnomalies": 0,
"serviceAnomaliesByUser": 0,
"geoAnomaliesByUser": 0,
"serviceNGeoAnomaliesByUser": 0,
"serviceAnomaliesByAccessKey": 0,
"geoAnomaliesByAccessKey": 0,
"serviceNGeoAnomaliesByAccessKey": 0,
"distinctUsers": 0,
"unusualLocations": "string",
"description": "string",
"serviceHighlighted": true
}
],
"default": true,
"async": true
}
internal_error